Good to hear. Maybe after reading you experience with it I'll be more inclined to put up $900 for a challenge. Good Luck! Arent you doing GWAPT as well?

Nice.


I just thought about it and GCIA cost less than CCIE:S lab and it is at least open book

I currently work as an operations network security engineer (which sounds like the type of role you're trying to move into) and for me SANS 503 was memorably the most valuable experience I've had out of all the classes / cert studies that I've been through.  I'm not knocking 502 and 504 and their respective certs, but diving deep down to the bit level is enlightening.  Plus, you come out of there being able to impress folks with your knowledge of packet headers, offsets, hex values, and tcpdump-foo ... not that it really matters all the time in real-world scenarios since a lot of the emphasis is now in the web app layer which I'm struggling on (I'm still going through 542 and it's killing me).

I'll be the lone sheep in the crowd and recommend looking into the WCNA.  Even if you don't go for the certification (since hardly anyone knows about it), read through the Wireshark Network Analysis book if traffic analysis isn't something you're comfortable with.  It'll put a lot of things into perspective.

I've never gone for the OSCP, but I've had a taste of OffSec material with the OSWP.  I loved every minute of it.  For an operations role, it should provide a very good impression of the balance / counter-balance involved when it comes to defending your network and understanding the dark unknowns you're guarding against.  I'm sure you'll be better equipped (knowledge-wise) when it comes to configuring a web app firewall on a load balancer.

I am new to this forum .. and in the same boat as the OP.  I am a network engineer .. got a ccna / ccnp  and a masters in Network Security ( though didn't have much security involved in there sadly but the company paid for it ). 

I want to focus more on security and looking at paths I should take.  I would like to not only learn more but move towards pen testing.  Thinking of starting with CEH  and move to elearnsecurity and hacking dojo .. followed by oscp.   

Skimming over the posts, it looks like you're focusing too much on the certs. Yes I know we love certs and the classes around here, but maybe get your hands in on some projects. Try to hook up with your local BSides group and offer to help them with a con network. Think Schmoo labs, but for Bsides.

One of the local security groups I'm involved in is going to start doing workshops this summer. Don't know how many or how often. I know one will be on basic linux hardening. One might be on XSS. I'm sure we'll come up with some others.